com.xlrit.gears.server.security.SecurityConfiguration Maven / Gradle / Ivy
package com.xlrit.gears.server.security;
import org.springframework.boot.autoconfigure.condition.ConditionalOnExpression;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.filter.CommonsRequestLoggingFilter;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
/** Note there are also InternalWebSecurityConfiguration and OAuthWebSecurityConfiguration. */
@Configuration
@EnableWebSecurity
@EnableMethodSecurity
public class SecurityConfiguration {
@Bean
@ConfigurationProperties("gears.security.cors")
public CorsConfiguration corsConfiguration() {
return new CorsConfiguration();
}
@Bean
public WebMvcConfigurer webCorsConfigurer(CorsConfiguration corsConfiguration) {
return new WebMvcConfigurer() {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**").combine(corsConfiguration);
}
};
}
@Bean
@ConditionalOnExpression("${gears.request-logging.enabled:false}")
public CommonsRequestLoggingFilter requestLoggingFilter() {
// will log to `org.springframework.web.filter.CommonsRequestLoggingFilter` on DEBUG level
CommonsRequestLoggingFilter loggingFilter = new CommonsRequestLoggingFilter();
loggingFilter.setIncludeClientInfo(true);
loggingFilter.setIncludeQueryString(true);
loggingFilter.setIncludePayload(true);
loggingFilter.setMaxPayloadLength(64000);
return loggingFilter;
}
}